Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
Description
The X-Content-Type-Options header should be added to all HTTP responses to improve security. In order for this to work correctly, all NiFi resources must accurately specify their respective Content-Type. This requires some work, as I do not believe this is currently the case for all of our resources.
Attachments
Issue Links
- relates to
-
NIFI-2437 Enforce HSTS to require HTTPS connections if available
- Resolved
- links to